Where’s the Breach? or would you like fraud with that burger?

Wendy’s (NASDAQ:WEN), the third largest fast-food chain in the world is probing a breach on their networks with loss of personally identifiable information (PII) according to sources.  Krebs reports that from the Midwest to the East Coast, there have been reports of Credit Card/Identity Theft from folks who shopped at one of the 6,500 Wendy’s franchise and company-operated restaurants.  With franchises is 28 countries, this could turn out to be an even larger international breach if the cyber criminals or malware they use has secretly spread across the franchise.

A notorious hacker known as “Rescator” is at the center of a major stolen credit card trading ring and it appears that some of the stolen cards are appearing for sale at Rescator’s site, giving the impression that this was a cyber breach and not physical credit card duplication by malicious insiders.  Time will tell how big this breach will become and at some point details will likely show up at http://www.privacyrights.org in the near future due to identity theft and hacking disclosure laws.  Here are my quick tips for handling this breach:

• Check your credit  report at  http://www.annualcreditreport.com.  Look for accounts or charges you don’t recognize.
• If you think you’ve been a victim in this breach, ask Wendy’s to provide you at least 1-2 years of free credit monitoring, identity theft insurance and recovery services.
• Place a fraud alert on your credit reports. With a fraud alert, businesses must verify your identity before providing new credit.
• Consider placing a credit freeze. With a credit freeze, no one can open a new account in your name (until you lift the freeze).
• Contact your bank or credit card company to cancel your card and request a new account number. If you have automatic payments, update them with your new account number.
• Review your transactions regularly to make sure no one has  misused the account.

To place an alert on your credit file, contact the three major credit bureaus and place a 90 day “fraud alert.” This helps protect you against the possibility of an identity thief opening new credit accounts in your name. When a merchant checks the credit history of someone applying for credit, the merchant gets an “alert” that there may be fraud on the account.  Their phone #’s are:

• Experian 1-888-397-3742
• Equifax 1-800-525-6285
• TransUnion 1-800-680-7289

You will reach an automated telephone system. You will also be sent instructions on how to get a free copy of your report from each  of the credit bureaus. Order the reports.

If you discover that someone is misusing your information, you’ll need to take additional steps, including filing a complaint with the FTC.  http://www.IdentityTheft.gov  walks you through those steps – because recovering from identity theft is easier with a plan.

It’s really important, if you want to protect your privacy, you should opt-out of every advertising network that you can. Visit the National Do Not Call Registry and register your smartphone and home phone numbers at https://www.donotcall.gov/

If you use a google email account and have an Android phone, you’d be surprised that even with your GPS off, it’s tracking your every move. You can login to

https://maps.google.com/locationhistory/b/0 and see for yourself.

You have to go into your smartphone or tablet settings and turn this feature off. It is possible to turn this off. In your Android phone, go to Settings, then Location, select Google Location Reporting and set Location History to off. The same holds true for the Apple iPhone, iPad and iTunes. You need to find the location and privacy settings and turn off access under Settings, then Privacy then Location.

Many companies you do business with are required to give you privacy notices that explain their information-sharing practices. In turn, you have the right to limit some — but not all — sharing of your information. The law balances your right to privacy with a company’s need to provide information for normal business purposes. Credit reporting companies also may sell information about you to lenders and insurers who use the information to decide whether to send you unsolicited offers of credit or insurance.

This is known as prescreening.

You can opt out of receiving prescreened offers by calling 1-888-567-8688. There are two federal laws which cover different aspects of how companies can share your financial information: the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA). Learn more about your financial and credit information privacy rights at http://www.consumer.ftc.gov

When it comes to your medical or health care records, the law that is designed to protect your information is called the Health Insurance Portability Accountability Act (HIPAA). Learn more about your privacy rights on HIPAA at http://www.hhs.gov/ocr/privacy/

Other useful links:

Breach Help: Tips for Consumers

http://www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-17-breach-help.pdf

How to Order Your Free Credit Reports

http://oag.ca.gov/idtheft/facts/free-credit-reports

How to “Freeze” Your Credit Files http://www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_10_credit_freeze_doj.pdf

Identity Theft Victim Checklist http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_3_victim_checklist_10_13.pdf

Top 10 Tips for Identity Theft Protection are found at http://www.oag.ca.gov/sites/all/files/agweb/pdfs/idtheft/cis_1_top_10tips_doj.pdf

The FTC website has  steps to take  to ward off theft  of your Social  Security number at http://www.consumer.ftc.gov/features/feature-0014-identity-theft

ABOUT THE AUTHOR

Gary recently blew the lid on the how Russian, Chinese and Indian hackers are behind the top 10 flashlight apps specifically designed to collect and expose your personal information to cybercriminals abroad. Fox News Bret Baier’s interview with Gary broke records for Fox with over 5m views. Gary is a consumer advocate who has been recently featured on ABC, Good Morning America, World News Tonight, NBC’s Today, FOX News, CNBC and elsewhere for his expertise as a cyber security expert. He is Founder of SnoopWall, Inc., a cutting edge counter-intelligence technology company offering free consumer based software to secure personal data on cell-phones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been extremely active in the INFOSEC arena, as the Executive Producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine. He has patents and patents pending on his inventions for Computer and Network Security. He is a member of ISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. He also advised the National Infrastructure Advisory Council (NIAC) which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace. Miliefsky is a founding member of the US Department of Homeland Security, served on the OVAL advisory board of MITRE and is a founding Board member of the National Information Security Group.